05-20-2022 08:59 AM
Looking to see if there is a troubleshooting guide for NATS and for Security Policy rules.
Searching has turned up various hits here and there, but not something comprehensive as what cisco has on their site for their docs.
Am I just looking in the wrong place?
Any other PA sites that have good info besides these boards?
05-20-2022 07:42 PM
Troubleshooting information is really something I've best found in KB articles and by learning more about the feature itself. The majority of actual troubleshooting documentation for PAN is internal documentation and really isn't available to customers.
Policy troubleshooting is relatively straight-forward once you understand all of the options and the top-down analysis of the firewall however. Assuming that you actively know about the test functionality to verify that you have a matching policy, what additional documentation were you hoping to find?
(Text doesn't always pass tone well, so just to be clear the last question is a genuine question. What type of troubleshooting documentation are you hoping to find an equivalent of? Could you share an example of the Cisco document that you're referencing).
05-21-2022 07:32 AM - edited 05-21-2022 07:38 AM
Hi @dmoore-acc360 ,
Great question. For starters, you can go to the PAN-OS® Administrator’s Guide https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin. Scrolling down the Table of Contents on the left, you will find Policy. Under Policy > Policy Types, you will find a table of the different policies and a link to the documentation for each one.
With regard to troubleshooting, sometimes you can Google "palo alto <feature> resource list" and see if you get a hit. I found this for the security policy -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgACAS.
I found this doc for NAT -> https://knowledgebase.paloaltonetworks.com/servlet/fileField?entityId=ka10g000000D83FAAS&field=Attac.... It has example security and NAT policies, which are VERY useful. Here's another one -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CllzCAC.
There is a free course on Beacon, Firewall 9.1 Essentials, that has excellent online tutorials on security and NAT policies.
This link has videos -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PN7rCAG with a few security and NAT policy topics. The video for destination NAT has another excellent video on the relationship between NAT and security policies.
I hope this helps. If do, please mark as solution! 🙂
Edit: I forgot this link -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGZCA0. All NAT configurations require a route (connected or other) in order to work.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!